sb440

Honorary Members
  • Posts

    38

  1. Just saw a few more entries in process explorer, uploading latest process explorer log zip. 8Logfile.zip
  2. Saw the explorer.exe also setting the registry value, so uploading all 3 log files. Can't edit the previous post. 7Logfile.zip
  3. I just re-ran the fix and observed a few more programs restoring the registry value. Please find both new logs as zip. 6Logfile.zip
  4. Hi TwinHeadedEagle, I have followed the above steps. Please find attached process explorer log file.zip. 5Logfile.zip
  5. Hi TwinHeadedEagle, I have followed the above steps and am uploading process explorer log file.zip. I observed uix.exe (windows update) and firefox.exe modifying the registry, although I could capture only firefox.exe in the log as process explorer crashed when I ran it the first time. 4Logfile.zip
  6. Hi TwinHeadedEagle, I have uploaded iCloudServices.exe from desktop. Please find the link below: https://www.sendspace.com/file/paullu
  7. I ran the malwarebytes scan with process explorer running. However, in the middle of the scan, process explorer crashed. I started process explorer and waited for the scan to end. Also, I got a windows low memory message with a request to close malwarebytes and icloudservices. I did not get any entries in the scan.
  8. Yes, process explorer was running in the background when I got the windows message. Do you mean to say that I should run the malwarebytes scan with process explorer in the background and check for the Hijack.AutoConfigURL entry?
  9. Hi TwinHeadedEagle, I ran the malwarebytes scan twice with process explorer running in the background. The scan did not detect any entries. However, I got a message from process explorer: "A system or application resource limit has been exceeded that prevents process monitor from capturing additional events." I also got the windows message "your computer is low on memory. To restore enough memory for programs to work correctly, save your files and then close or restart all open programs". Just to mention that I restarted the machine after doing the first scan. I noticed two issues after restart: 1) the machine displayed a blank screen and did not present the login screen. After hitting keys a couple of times, the login screen appeared. 2) Instead of the desktop, a blank screen appeared after login. I went into task manager and ran "explorer.exe", after which the desktop appeared. Not sure if these issues are because of malware. I am attaching the zip of both process explorer log files. 3Logfile.zip
  10. Yes, Malwarebytes detected 5 entries. Please find attached the scan log. malwarebytes detected 3 log.txt
  11. Hi TwinHeadedEagle, In ProcessExplorer, these are the programs which are using RegSetValue: firefox.exe, mbam.exe and Explorer.exe. Malwarebytes detected 51 entries in the scan and, after restarting the pc, it detected 5 entries. I am attaching both Logfile.PML.zip and the malwarebytes scan log. 2Logfile.zip malwarebytes detected log.txt malwarebytes detected 2 log.txt
  12. Hi TwinHeadedEagle, I followed the above steps. While saving RegSetValue from Process Explorer, in the "save to file" window, I unchecked "Also include profiling events" as it was taking a long time to save and it crashed windows explorer. Please find attached the Logfile.PML zip file and Fixlog.txt files. Also, process explorer is crashing when I keep it open for a long time. Seems it is caused by the malware. Logfile.zip Fixlog.txt
  13. Hi TwinHeadedEagle, Please find attached the Search.txt log file. Search.txt
  14. Hi TwinHeadedEagle, Please find attached the FRST.txt and Addition.txt log files. FRST.txt Addition.txt
  15. Yes, it is detecting autoconfigurl and removing it. However, on the next scan it is re-detecting it. The values are changing but the detected item is the same.